Security differences between a LAN and WAN

Generally, what kind of security needs to be considered in a network management environment? What's the different...

between security in a LAN and WAN network?

The primary difference between a Local Area Network (LAN) and a Wide Area Network (WAN), besides the technology used, is that generally you have control of all the resources for a LAN, but not for a WAN.

For example, for a single company LAN (not connected to another LAN or to the Internet), that company can provide physical security for the entire LAN and all the connected computers. They can provide background checks for all the people that have access to all of the equipment. They can establish security policies and procedures that can be enforced on all the equipment. All of the threats to the system come from within (assuming adequate physical security).

As soon as the LAN is connected to another LAN or the Internet and becomes a WAN, all of that changes. The company does not know what physical protections have been made to the rest of the WAN, only its small portion. In the case of an Internet connection, they have no idea who might try to access their LAN. The entire threat model changes. Not that any of the threats from the LAN-only environment have gone away, but many more have been added. One can think of the threat profile for a LAN as being a subset of the threat profile for a WAN.

This threat profile is what helps to decide what security measures are appropriate. In terms of network management, within a self contained LAN, there probably is no need to have network management protocols encrypted, or special authentication done for those protocols (unless you are worried that insiders may attempt to "manage" your network for you). On the other hand, you probably do not want your network management protocols to traverse the Internet without protection. Nor do you want your computers on a remote segment to respond to network management requests that are not authenticated.

So, as with any computer system or network, the first steps are to identify what the threats to your system or network are and what needs to be protected. Then you can go about devising ways to provide the required protection.

This was last published in October 2001

Dig Deeper on Wireless network security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

hello daddy, i want to be a senpai too